Filtered by vendor Apple
Subscribe
Total
10175 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6173 | 1 Apple | 1 Mac Os X | 2017-07-28 | 7.2 HIGH | N/A |
Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter. | |||||
CVE-2006-6292 | 1 Apple | 2 Airport Extreme, Mac Os X | 2017-07-28 | 5.7 MEDIUM | N/A |
Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames. | |||||
CVE-2003-1413 | 1 Apple | 2 Darwin Streaming Server, Quicktime Streaming Server | 2017-07-28 | 4.3 MEDIUM | N/A |
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages. | |||||
CVE-2007-0022 | 1 Apple | 1 Mac Os X | 2017-07-28 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in writeconfig in Apple Mac OS X 10.4.8 allows local users to gain privileges via a modified PATH that points to a malicious launchctl program. | |||||
CVE-2007-0023 | 1 Apple | 1 Mac Os X | 2017-07-28 | 6.9 MEDIUM | N/A |
The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user. | |||||
CVE-2007-0021 | 1 Apple | 1 Ichat | 2017-07-28 | 7.5 HIGH | N/A |
Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI. | |||||
CVE-2007-0102 | 1 Apple | 1 Preview | 2017-07-28 | 6.8 MEDIUM | N/A |
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | |||||
CVE-2017-2241 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 6.5 MEDIUM | 6.3 MEDIUM |
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". | |||||
CVE-2017-2240 | 2 Apple, Hammock | 2 Mac Os X, Assetview | 2017-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service". | |||||
CVE-2016-7599 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses HTTP redirects. | |||||
CVE-2016-7597 | 1 Apple | 1 Iphone Os | 2017-07-26 | 2.1 LOW | 4.6 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "SpringBoard" component, which allows physically proximate attackers to maintain the unlocked state via vectors related to Handoff with Siri. | |||||
CVE-2016-7600 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 6.2 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app. | |||||
CVE-2016-7598 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site. | |||||
CVE-2016-7596 | 1 Apple | 1 Mac Os X | 2017-07-26 | 9.3 HIGH | 8.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
CVE-2016-4690 | 1 Apple | 1 Iphone Os | 2017-07-26 | 4.6 MEDIUM | 6.8 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Image Capture" component, which allows attackers to execute arbitrary code via a crafted USB HID device. | |||||
CVE-2016-4692 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2017-07-26 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
CVE-2016-7609 | 1 Apple | 1 Mac Os X | 2017-07-26 | 4.9 MEDIUM | 6.2 MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
CVE-2016-7601 | 1 Apple | 1 Iphone Os | 2017-07-26 | 4.6 MEDIUM | 6.8 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Local Authentication" component, which does not honor the configured screen-lock time interval if the Touch ID prompt is visible. | |||||
CVE-2016-7620 | 1 Apple | 1 Mac Os X | 2017-07-26 | 2.1 LOW | 3.3 LOW |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOSurface" component. It allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
CVE-2016-7618 | 1 Apple | 1 Mac Os X | 2017-07-26 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Foundation" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .gcx file. |